Orion Registrar, Inc. Certification Regulations

Revision I Effective Date January 03, 2017

Introduction

This document outlines the process of obtaining and maintaining certification with Orion Registrar Incorporated. Included are the requirements and rights of a Company undergoing certification services, along with the applicable rules of conduct for the Company and Orion Registrar Inc. Orion Registrar Incorporated will be referred to herein as “Orion.” The Company requesting certification services is referred to as the “Applicant” or “Company or Client.” After a contract is signed and the process has begun, the Applicant is referred to as the “Client. The Certificate of Certification is referred to as the “Certificate.”

1.0 Overview of the Certification Process

The basic steps of the Management System Certification Processes are:

a)  Company Profile: This detailed description of the Company seeking certification services provides the information necessary for Orion to perform the certification activities.

b)  Quotation: Orion provides the Company with a price for the different certification activities.

c)  Application for Certification Services: This is the official document requesting certification services from Orion. After the Applicant and Orion approve this document, it becomes a legal contract.

d)  Pre-Audit (Optional): An optional audit to review the Management System or Product Certification for conformance to the applicable requirements

e)  Stage 1 Audit: Normally conducted at the client site to determine if Management System is sufficiently documented to warrant the next steps. This audit includes a Document Review of the Client’s Management System Documentation. All nonconformities identified in this review must be addressed before certification will be granted.

f)  Stage 2 Audit: Determines if the Client has successfully documented and implemented a Management System for the requirements of a specified standard. Note: For Product Certification, the product certification scheme may only require an Initial Audit or an Initial Audit and Document Review. The Initial Audit will combine the Stage 1 Audit and Stage 2 Audits into one audit.

g)  Issuance of Certification: After successful completion of the Stage 1 and 2 audits or Initial Audits and after the Client has corrected all major nonconformities and addressed all minor nonconformities, the Certificate will be issued to the Client.

h)  Surveillance Audit: An Audit conducted at the Client’s site every six or twelve months. It reviews a portion of the standard and determines if the Client has implemented and is maintaining a Management System or Product Certification System that meets the requirements of the standard. The date of the first surveillance audit following initial certification shall not be more than 12 months from the certification decision date.

i)  Recertification Audit: Conducted every three years for Management Systems or five years for Product Certification to review if the client has maintained an effective management system for the applicable standard. After successful completion of the Recertification Audit, the process starts over at Step g), until the next three-year anniversary occurs for Management Systems or five years for Product Certification. Then another Recertification Audit will be conducted.

If a Client does not pass the Stage 2 Audit for Management Systems or the Initial Audit for Product Certification, or Recertification Audit or fails to maintain its Management System Program, a Corrective Action Audit may be implemented to review the situation.

Further details are provided in the next sections of this document.

2.0 Requirements

2.1 Each Certified Facility shall:

  1. For Management System, have Management System documentation that addresses the applicable standard. For Product Certification, have a documented system that addresses the applicable Standard or Program.
  2. Document and maintain a Management System or Product Certification in accordance with the applicable standard(s) requirements.

c.  For Management Systems, perform a management review and internal audit of the Management System before the Stage 2. For Product Certification the requirement is if the scheme requires Management Review and/or Internal Audits. If required, these activities must be completed before the Initial Audit.

  1. Allow Orion access to all certified locations during normal working hours to assess the effectiveness of the Management System or the Product Certification.
  2. Inform Orion (in writing) of major changes to the Management System or Product Certification (e.g., changes of: ownership, management structure, production capability, location, the Management System Manual or Documentation, or new significant environmental aspects of the Environmental Program).
  3. Use the Certification Mark/Logos in accordance with Orion’s requirements as specified in this document and Use of Logos hand-out. Original Certificates are the property of Orion. May not use the certification in such manner as to bring Orion into disrepute and may not make any statement regarding its certification which Orion may consider misleading or unauthorized. Endeavor to ensure that no certificate or report or any part thereof is used in a misleading manner.
  4. Upon termination of the certification, discontinue reference to the certification in all advertising material or other documents and return any certification documents as required by Orion. The Company shall notify its contracting companies that the certification has been terminated and the Company will be required to return the original Certificates to the Orion office. For Management Systems, the certification shall not be used as evidence of product certification, product endorsement, or product approval.
  5. Maintain a record of all complaints and remedial actions concerning the Client’s products or services.
  6. Allow Accreditation Bodies, Program Representatives and Regulatory Agencies access for Witness Audits of Orion and oversight programs of Orion.
  7. Comply with the applicable requirements of the Standard or Program. In addition for Product Certification comply with the requirements and to supply any information needed for evaluation of products to be certified.
  8. Comply with the requirements of this document.

l.  Have the right to object to the assignment of a specific Auditor, and may request that a different Auditor be assigned.

2.2 Orion Shall:

  1. Perform Pre-audits, Stage 1 Audits, Stage 2 Audits, Corrective Action Audits, Surveillance Audits, Transfer Audits and Recertification Audits, as applicable, to the requirements of the Orion Quality Manual. Orion shall issue reports after each audit. Orion maintains ownership of all its reports. The Company may reproduce an Orion report, but only the entire report, as issued by Orion. For Product Certification, the Initial Audit replaces Stage1 and Stage 2.
  2. Verify the certification status of Certified Companies. This shall include their name, location, certification, and date of certification expiration.
  3. Maintain all information pertaining to the applicant (other than specified in 2.2b) confidential and not release any information without written permission of the applicant except as required by program requirements and/or required by law. Examples of program and legal release of information are:
  4. Information for the OASIS Database for AS9100.
  5. Information required for BAN for the e-Steward Standard.
  6. Information required by ISRI for RIOS.
  7. Information required by SAAI for SA8000.
  8. Information required by SFI for SFI Chain of Custody or Fiber Sourcing
  9. Information required by PEFC for PEFC Chain of Custody.
  10. TL measurements data submitted to the Measurement Repository System
  11. Other information or data that is required by a Program or Standard to be posted or sent to a specific organization.
  12. Records requested by applicable Accreditation Bodies or Regulatory Agencies in writing concerning specific program or problems
  13. Information required by SERI for R2

d.  Information may be shown to Orion’s Accreditation Bodies or Regulatory Agencies who may review this information as part of a standard Compliance Audit of Orion.

  1. Comply with all Client’s rules and regulations while at the Company’s facilities.
  2. Comply, in all activities, with applicable accreditation body requirements, and Orion’s Quality Manual, Certification Regulations, and procedures.
  3. When the desired scope of certification is related to specific system or type of system operated by Orion, any needed explanation shall be provided to the applicant.

3.0 Company Profile

Orion requires an authorized representative of the applicant organization to provide the necessary information:

a)  The desired scope of the certification. For Product Certification, a definition of the products to be certified, the certification system, and the standards against which each product is to be certified, if known to the applicant.

b)  The general features of the applicant organization including its name and address(es) of its physical location(s), significant aspects of its processes and operations, and any relevant legal obligations

c)  General information relevant for the field of certification applied for, concerning the applicant organization such as activities, human and technical resources, functions and relationships in a larger corporation, if any

d)  Information concerning all outsourced processes used by the organization that will affect conformity to requirements

e)  The standards or other requirements for which the applicant organization is seeking certification

f)  Information concerning the use of consultancy relating to the management system.

4.0 Quotation:

Orion will provide the potential client with quotes for the optional Pre-audit, the Stage 1, Stage 2, the first Surveillance Audit and any fees. For Product Certification the quotation may be for the Initial Audit, the specific Product Certification activities, the first Surveillance Audit and any fees. The Recertification Audit is normally not quoted unless requested by the potential client or client.

5.0 Application for Certification

Orion will give full consideration to any Application for Certification of a Management System or Product Certification in accordance with the proper standard(s) or programs. For Management Systems certification, Orion will require the Client to have a documented Management System. For Product Certification, Orion requires that the company meets all the requirements for the product of the applicable Standard or Program. If the standard or program requires a management system, the management system is required to be documented and implemented in accordance with the requirements of the applicable Standard or Program. The Company seeking certification services will complete a Company Profile (or equivalent) and a contract agreement (Application for Certification Service) for the certification process.

For companies seeking certification services:

  1. Orion will never delay requests for certification services without justifiable cause.
  2. Orion will always maintain the necessary level of expertise and capability to perform certification services.
  3. Orion shall make its services accessible to all applicants whose activities fall within the declared field of operation. There shall not be undue financial or other conditions. Access shall not be conditional upon the size of the supplier, or membership in any association or group, nor shall certification be conditional upon the number of certificates already issued.
  4. If an Application for Certification is rejected, Orion will inform the Applicant in writing, stating the reasons for the rejection, and advising that the decision may be appealed. The rejection may also be appealed to the applicable accreditation agency.

The contract (Application for Certification Service) is the legal agreement to conduct the certification activities, including confidentiality requirements and the right of access to the Client to conduct audit activities. The contract shall also require the Client to keep records of all complaints and subsequent remedial actions. These records must be available to Orion.

6.0 Pre-Audit

The aim of the Pre-audit is to determine the readiness of the Client for the Stage 1 and 2 Audits. It shall be similar in scope to the Stage 2 unless the Client requests a smaller scope. Following the Pre-audit, the Client will be issued a report that details the activities not meeting the applicable requirements of the standard. The Auditor(s) will not consult during the Pre-audit activities. The Client has the right to object to the identified Auditor(s) for the Pre-Audit.

7.0 Stage 1 Audit

The Stage 1 Audit shall review the following:

a)  Audit the client’s Management System Documentation (Stage 1 Document Review).

b)  Evaluate the client’s location and site-specific conditions and to undertake discussions with the client’s personnel to determine the preparedness for the Stage 2 audit.

c)  Review the client’s status and understanding regarding the requirements of the standard, in particular with respect to the key performance or significant aspects, processes, objectives and operation of the management system.

d)  Collect necessary information regarding the scope of the management system, processes and location(s) of the client and related statutory, regulatory and compliance issues (e.g. quality, environmental, legal aspects of the clients operation, associated risks, etc.)

e)  Review the allocation of resources for Stage 2 audit and agree with the client on details of the Stage 2 Audit.

f)  Provide a focus for planning the Stage 2 audit by gaining sufficient understanding of the client’s Management System and site operations in the context of possible significant aspects.

g)  To evaluate if the internal audit and management review are being planned and performed and that the level of implementation of the management system substantiates that the client is ready for Stage 2 Audit.

For most management systems, it is recommended that at least part of the Stage 1 Audit be carried out at the client’s premises in order to achieve the objectives stated above. Stage 1 audit findings shall be documented as Areas of Concern. The duration between Stage 1 and Stage 2 Audits will be determined from the needs of the client to resolve the nonconformities identified during the Stage 1 Audit. From the Stage 1 review, Orion may change the original planned duration between Stage 1 and Stage 2.

8.0 Stage 2 Audit

The purpose of the Stage 2 Audit is to evaluate the implementation, including effectiveness of the client’s management system. The Stage 2 audit shall take place at the site(s) of the client. It shall include at least the following:

a)  Information and evidence about conformity to all requirements of the applicable management system standard or other normative documents.

b)  Performance monitoring, measuring, reporting and reviewing against key performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document).

c)  The client’s management system and performance as regards legal compliance.

d)  Operational control of the client’s processes

e)  Internal auditing and management review

f)  Management responsibility for the client’s policies

g)  Links between the normative requirements, policy, performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document), any applicable legal requirements, responsibilities, competence of personnel, operations, procedures, performance data and internal audit findings and conclusions